From 802d5a33bd77b3d177d3873c225daf2edc5286da Mon Sep 17 00:00:00 2001
From: Sam Anthony <sam@samanthony.xyz>
Date: Fri, 29 Nov 2024 14:00:43 -0500
Subject: server: input validation

---
 server/target.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'server/target.go')

diff --git a/server/target.go b/server/target.go
index 2d7ca80..c79d75e 100644
--- a/server/target.go
+++ b/server/target.go
@@ -31,7 +31,7 @@ func (h TargetHumidityHandler) get(w http.ResponseWriter, r *http.Request) {
 
 func (h TargetHumidityHandler) post(w http.ResponseWriter, r *http.Request) {
 	target, err := strconv.ParseFloat(r.URL.RawQuery, 32)
-	if err != nil {
+	if err != nil || !isValidHumidity(target) {
 		badRequest(w, "invalid humidity: '%s'", r.URL.RawQuery)
 		return
 	}
-- 
cgit v1.2.3